// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_CT_POLICY_ENFORCER_H_
#define NET_CERT_CT_POLICY_ENFORCER_H_

#include <stddef.h>
#include <vector>

#include "net/base/net_export.h"
#include "net/cert/signed_certificate_timestamp.h"

namespace net {

class X509Certificate;
class NetLogWithSource;

namespace ct {
enum class CTPolicyCompliance;
}  // namespace ct

// Interface for deciding whether a certificate satisfies whatever
// Certificate Transparency (CT) policy the embedding application has chosen.
//
// //net/docs/certificate-transparency.md describes how CT is used in //net and
// the risks to weigh when defining a policy.
class NET_EXPORT CTPolicyEnforcer {
 public:
  virtual ~CTPolicyEnforcer() = default;

  // Returns the CT policy compliance status of |cert| given the SCTs in
  // |verified_scts|.
  //
  // |verified_scts| must hold only SCTs that have already been verified —
  // well-formed, issued by known logs, and applying to |cert|. This interface
  // does no SCT verification of its own, so the result is only as trustworthy
  // as the verification the caller performed before passing them in.
  // |net_log| is the log an implementation may write diagnostics to.
  virtual ct::CTPolicyCompliance CheckCompliance(
      X509Certificate* cert,
      const ct::SCTList& verified_scts,
      const NetLogWithSource& net_log) = 0;
};

// Default Certificate Transparency policy, meant for applications that lack
// auto-update capabilities. See //net/docs/certificate-transparency.md.
class NET_EXPORT DefaultCTPolicyEnforcer : public CTPolicyEnforcer {
 public:
  DefaultCTPolicyEnforcer() = default;
  ~DefaultCTPolicyEnforcer() override = default;

  // CTPolicyEnforcer implementation. The policy it applies is the one
  // described in //net/docs/certificate-transparency.md; as with the
  // interface, |verified_scts| is expected to contain only SCTs the caller
  // has already verified, and no SCT verification happens here.
  ct::CTPolicyCompliance CheckCompliance(
      X509Certificate* cert,
      const ct::SCTList& verified_scts,
      const NetLogWithSource& net_log) override;
};

}  // namespace net

#endif  // NET_CERT_CT_POLICY_ENFORCER_H_